The Regulatory Impact on Vendor Management

Increasing regulatory oversight affects the management of third-party relationships, but process automation can enhance the ability to conduct vendor management


" Auditability. You can prove you conducted the proper activities. All activity is captured, documented and easily retrieved thereafter
Process linkage. Each step in the selection and management processes is correlated and linked
Collaboration and visibility. All internal stakeholders have direct access to appropriate information about the process
Flexibility. Systems map to your particular business structure, be it centralized or decentralized procurement governance.
Standards and reuse. Required practices are defined and applied repeatedly (e.g., in templates)
Task Management. Responsibilities for processes and tasks are easily defined and managed
Best value vendor selection. The assessment of a large number of supplier attributes across quantitative and qualitative measures is facilitated such that no meaningful attribute is neglected and objective/subjective factors are included
Supplier performance metrics. Selection attributes and any other performance measures are defined such that they can be measured and documented over the life of the contract. Contract terms are visible to all stakeholders.

What Can Happen Without Automation? A Due Diligence Example
An FSP decides to offer a new small-business credit card. Based on a marketing campaign, the FSP expects significant inquiries in response to the solicitation.

The process follows these steps:

1. The FSP determines that a call center needs to be established that can: a.) deal with the high inbound call activity and b.) properly describe the differentiated features of the credit card offerings.

2. The provider initiates a search for a third-party provider to perform this service for a period of one year. The provider must be in place within seven weeks because the marketing campaign is already in its final planning phase.

3. A selection team is formed, comprised of collaborators from product marketing, legal, finance, risk, information technology and purchasing functions.

The FSP's team encounters several challenges that could compromise risk principles:

* Urgency based on an imminent marketing campaign launch
* Scheduling meetings and effectively collaborating across the diverse set of stakeholders
* Difficulty documenting the evaluation criteria that will address each constituent's needs while balancing risk
* Temptation to accept vendor capabilities without actual verification (such as site visits, background checks, financial record review)
* Numerous unstructured discussions with the vendors, resulting in a volume of undocumented e-mails, files and phone conversations
* Attrition on the selection team due to resignation of a stakeholder
* Inability to effectively assess and respond to the volume and depth of all proposals

As you can see, this situation presents many threats to conducting appropriate due diligence that balances business need with risk and produces an auditable outcome.

Financial services providers face a daunting task in trying to balance the dual objectives of maintaining compliance and delivering business value.

Automation solutions are now available to enable these objectives in the face of complex sourcing events, numerous internal stakeholders, decentralized buying and a variety of services and goods being sourced.

About the Author: Marc Osofsky is vice president of marketing and business development at Frictionless Commerce, an enterprise sourcing software company based in Cambridge, Mass.

References

Office of the Comptroller of the Currency, Bulletin OCC 2001-47, Third-Party Relationships, November 1, 2001

Office of the Comptroller of the Currency, Bulletin OCC 2001-31, Weblinking, July 3, 2001
Federal Financial Institutions Examination Council, Risk Management of Outsourced Technology Services, November 28, 2000

American Bankers Association, Financial Modernization: the Gramm-Leach -Bliley Act Summary, November 12, 1999

Financial Services Roundtable/BITS, BITS Framework: Managing Technology Risk for Information Technology Service Provider Relationships, August, 2001

  • Enhance Your Experience.

    When you register for SDCExec.com you stay connected to the pulse of the industry by signing up for topic-based e-newsletters and information. Registering also allows you to quickly comment on content and request more infomation.

Already have an account? Click here to Log in.

Enhance Your Experience.

When you register for SDCExec.com you stay connected to the pulse of the industry by signing up for topic-based e-newsletters and information. Registering also allows you to quickly comment on content and request more infomation.

OR

Complete the registration form.

Required
Required
Required
Required
Required
Required
Required
Required
Required
Required
Required